Creating Groups

Authors
  • Michael Bui

Overview

Documentation: Microsoft Docs

Groups let you organize users and apply settings and policies more easily. Assigning a setting to a group is simpler than applying it to every individual user.

In this lab, we're going to create static and dynamic groups. We'll also explore the different ways to create a group, such as the Azure CLI and PowerShell.

Creating a Group

Portal

  1. Azure Active Directory -> Groups -> New Group
  2. Fill out the form with the settings you want for the group

Azure CLI

Documentation: Microsoft Docs

Available parameters

az ad group create --display-name --mail-nickname [--description] [--force {false, true}]

Example: Creates a group named Static Test Group

az ad group create --display-name 'Static Test Group' --mail-nickname 'Static' --description "Static group made for testing purposes"

PowerShell

Documentation: Microsoft Docs

Available parameters

New-AzureADGroup
[-InformationAction <ActionPreference>]
[-InformationVariable <String>]
[-Description <String>]
-DisplayName <String>
-MailEnabled <Boolean>
-MailNickName <String>
-SecurityEnabled <Boolean>
[<CommonParameters>]

The newer cmdlet New-AzureADMSGroup provides a lot more functionality than the original New-AzureADGroup. It requires the AzureADPreview module.

Install-Module -Name AzureADPreview
New-AzureADMSGroup
   [-Description <String>]
   -DisplayName <String>
   [-IsAssignableToRole <Boolean>]
   -MailEnabled <Boolean>
   -MailNickname <String>
   -SecurityEnabled <Boolean>
   [-GroupTypes <System.Collections.Generic.List`1[System.String]>]
   [-Visibility <String>]
   [<CommonParameters>]

Example: Creating a dynamic group

New-AzureADMSGroup -Description "Test Dynamic Group made with PS" `
  -DisplayName "Test Dynamic Group" -MailEnabled $false -SecurityEnabled $true `
  -MailNickname "N/A" -GroupTypes "DynamicMembership" `
  -MembershipRule "(user.displayName -contains ""bui"")" -MembershipRuleProcessingState "On"

Static vs Dynamic Groups

Static groups have members assigned manually, whereas dynamic groups use membership rules to assign members.

Changing to Dynamic Membership

Dynamic membership can be configured with PowerShell, as shown previously, or through the Azure Portal.

  1. Change membership type to Dynamic User or Dynamic Device
  2. Configure membership rules to have users/devices dynamically assigned to the group
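
The same change can be scripted. The following is an added example, not part of the original lab: it converts the 'Static Test Group' from the CLI example to dynamic membership, reusing the rule from the PowerShell example. It assumes AzureADPreview is installed and Connect-AzureAD has already been run; Convert-StaticGroupToDynamic is a hypothetical helper name.

```powershell
# Added example: convert an existing static group to dynamic membership.
# Assumes AzureADPreview is installed and Connect-AzureAD has already been run.
Import-Module AzureADPreview

function Convert-StaticGroupToDynamic {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $MembershipRule
    )

    # Resolve the group by display name; stop if it is missing or ambiguous.
    $safeName = $DisplayName.Replace("'", "''")   # escape quotes for the OData filter
    $found = @(Get-AzureADMSGroup -Filter "displayName eq '$safeName'")
    if ($found.Count -ne 1) {
        throw "Expected exactly one group named '$DisplayName', found $($found.Count)."
    }
    $group = $found[0]

    # GroupTypes may already hold other values (for example 'Unified'); keep them.
    $groupTypes = [System.Collections.Generic.List[string]]::new()
    foreach ($t in $group.GroupTypes) { $groupTypes.Add($t) }
    if ($groupTypes.Contains('DynamicMembership')) {
        Write-Output "'$DisplayName' is already dynamic; nothing to do."
        return
    }
    $groupTypes.Add('DynamicMembership')

    # Record the current member count first: after conversion, membership is
    # whatever the rule evaluates to, not the manually assigned list.
    $before = @(Get-AzureADGroupMember -ObjectId $group.Id -All $true)
    Write-Output "Members before conversion: $($before.Count)"

    Set-AzureADMSGroup -Id $group.Id `
        -GroupTypes $groupTypes `
        -MembershipRule $MembershipRule `
        -MembershipRuleProcessingState 'On'

    # Read the group back to confirm the rule that is now in effect.
    Get-AzureADMSGroup -Id $group.Id |
        Select-Object DisplayName, GroupTypes, MembershipRule, MembershipRuleProcessingState
}

# Group name and rule are taken from the examples earlier on this page.
Convert-StaticGroupToDynamic -DisplayName 'Static Test Group' `
    -MembershipRule '(user.displayName -contains "bui")'
```

Review the member count printed before the change against the group's members afterwards, since any access assigned to the group now follows the rule rather than the manual list.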